6 matches found
CVE-2012-2112
Cross-site scripting XSS vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages...
CVE-2012-2112
TYPO3 Exception Handler XSS (CVE-2012-2112): Affected TYPO3 versions are 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7. The vulnerability allows remote attackers to inject arbitrary web script or HTML via exception messages, i.e., a reflected XSS in exception handling. Imp...
[SECURITY] [DSA 2455-1] typo3-src security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2455-1 [email protected] http://www.debian.org/security/ Nico Golde April 20, 2012 http://www.debian.org/security/faq -...
Debian DSA-2455-1 : typo3-src - missing input sanitization
Helmut Hummel of the TYPO3 security team discovered that TYPO3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this...
[SECURITY] [DSA 2455-1] typo3-src security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2455-1 [email protected] http://www.debian.org/security/ Nico Golde April 20, 2012 http://www.debian.org/security/faq -...
Cross-Site Scripting Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting. Component Type: TYPO3 Core Affected Versions: 4.4.0 up to 4.4.14, 4.5.0 up to 4.5.14, 4.6.0 up to 4.6.7 and development releases of the 4.7 branch. Vulnerable subcomponent: Exception Handler Vulnerability Type: Cross-Si...